[news.sysadmin] restrict access to a newsgroup

asp@cos.com (Andrew S. Partan) (11/04/88)

In article <1005@cps3xx.UUCP>, rang@cpsin3.cps.msu.edu (Anton Rang) writes:
>   Is it possible to restrict access to a newsgroup (on a particular
>   machine)?  For instance, by changing the mode of its spool dir?
>   If so, this would solve 99% of the problems with a security group,
>   at least here--just don't give ordinary users privs to see it!

It is possible to restrict a set of newsgroups to a group of readers -
just make the news dirs 750, uid news, gid restricted group.

E.g., in /usr/spool/news, we have (partial list):
	drwxr-xr-x 28 news     news          512 Oct 12 22:40 alt
	drwxr-xr-x 42 news     news         1024 Oct 25 21:42 comp
	drwxr-x---  7 news     tsd           512 Sep 27 14:05 cos
Where alt & comp are open for all to read, and the cos.* newsgroups can
only be read by people in the 'tsd' group (or by the uids news and
root).  This does not restrict *posting* - anyone can post to the cos.*
newsgroups, but it does restrict *reading* - by any newsreader.

Note that you can NOT turn this on & off (by time periods, i.e.: to
restrict newsreading of certain newsgroups during the working day)
because most newsreaders (at least vnews & readnews do) will assume
that there is NO news if they can not get access to the article (they
do not distinguish between no access & no such file, I would guess),
and then update the .newsrc marking ALL of the articles as read.

	--asp (Andrew Partan @ Corporation for Open Systems)
	-- asp@cos.com or asp%cos.com@uunet.uu.net
	-- {uunet, sundc, decuac, hqda-ai, hadron}!cos!asp
	ASN.1 Object Identifier: "{joint-iso-ccitt mhs(6) group(6) 157}"
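
The failure mode described in the post above (a reader treating "no access" the same as "no such file" and then marking every article read) comes down to ignoring errno after a failed open. The following is an added example, not part of the original post and not code from vnews or readnews: a C routine that separates EACCES from ENOENT so that only a confirmed-missing article may be marked read. All function and enum names are hypothetical.

```c
/* Added example: tell "permission denied" apart from "no such article". */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum art_status { ART_OK, ART_MISSING, ART_DENIED, ART_ERROR };

/* Map the errno left by a failed open() onto a reader decision. */
enum art_status classify_errno(int err)
{
    switch (err) {
    case 0:      return ART_OK;
    case ENOENT: return ART_MISSING;  /* expired or cancelled article */
    case EACCES:
    case EPERM:  return ART_DENIED;   /* e.g. spool dir is 750 and we are not in its group */
    default:     return ART_ERROR;    /* I/O error etc.: do not guess */
    }
}

/* Try to open one article file and report why it failed, if it did. */
enum art_status probe_article(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        close(fd);
        return ART_OK;
    }
    return classify_errno(errno);
}

/* Only a confirmed-missing article may be marked read without being shown. */
int may_mark_read(enum art_status st)
{
    return st == ART_MISSING;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "readable", "missing", "denied", "error" };
    for (int i = 1; i < argc; i++) {
        enum art_status st = probe_article(argv[i]);
        printf("%s: %s, mark read: %s\n", argv[i], names[st],
               may_mark_read(st) ? "yes" : "no");
    }
    return 0;
}
```

Run it with article paths as arguments; a path under a 750 directory whose group the caller is not in reports "denied" and is left unread in .newsrc.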

pf@csc.ti.com (Paul Fuqua) (11/05/88)

    Date: Friday, November 4, 1988  8:39am (CST)
    From: asp at cos.com (Andrew S. Partan)
    Subject: Re: restrict access to a newsgroup (was Re: Proposal for comp.security)
    Newsgroups: news.groups,news.sysadmin

    It is possible to restrict a set of newsgroups to a group of readers -
    just make the news dirs 750, uid news, gid restricted group.
    ....
    This does not restrict *posting* - anyone can post to the cos.*
    newsgroups, but it does restrict *reading* - by any newsreader.

Except one using NNTP from another machine.  The NNTP server that's
floating around uses another mechanism, and only for version 1.5 and
later.

                              pf

Paul Fuqua
Texas Instruments Computer Science Center, Dallas, Texas
CSNet:  pf@csc.ti.com (ARPA too, sometimes)
UUCP:   {smu, texsun, cs.utexas.edu, im4u, rice}!ti-csl!pf